[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-dynlist search member=value search?

Aleksander Adamowski wrote:
I imagined that OpenLDAP maintained a cache for dynamic groups (that's how I understood "this exploits slapd group caching capabilities" in the FAQ) in order to do a search on (member=member'sDN).
Such a cache would only need updating in only two cases:

   1. when there's a change in an object's DN if the object has an
      attribute used in any memberURL
   2. when there's a change in any object in any attribute that's used
      in a filter in any memberURL in the directory (sorry for
      convoluted sentence, but it's a convoluted subject...).

When I think about it, this data should be permanent, so it should be kept in an index, not in memory cache.

If you make the data permanent, then you may as well just use static groups.

Tracking "any memberURL in the directory" is either memory intensive and/or CPU intensive. There's no good way to do this without sacrificing one or both.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/